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Abstract 


The deployment of new IP connectivity typically results in 
intermittent reachability for numerous reasons that are outside the 
scope of this document. In order to aid in the debugging of these 
persistent problems, this document proposes the creation of a new 
Routing Policy Specification Language attribute that allows a network 
to advertise an IP address that is reachable and can be used as a 
target for diagnostic tests (e.g., pings). 
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Introduction 


The deployment of new IP connectivity typically results in 
intermittent reachability for numerous reasons that are outside the 
scope of this document. In order to aid in the debugging of these 
persistent problems, this document proposes the creation of a new 
Routing Policy Specification Language attribute 
a network to advertise an IP address that is reachable and can be 
used as a target for diagnostic tests (e.g., pings). 


The goal of this diagnostic address is to provide operators a means 
to advertise selected hosts that can be targets of tests for such 
common issues as reachability and Path MTU discovery. 


The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL", 
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and 
"OPTIONAL" in this document are to be interpreted as described in 
[RFC2119]. 


RPSL Extension for Diagnostic Address 


Network operators wishing to provide a diagnostic address for their 
peers, customers, etc., MAY advertise its existence via the Routing 
Policy Specification Language [RFC4012] [RFC2622]. The pingable 
attribute is a member of the route and route6 objects in the RPSL. 
The definition of the pingable attribute is shown in Figure 1. 
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[RFC4012] that allows 


$eSorSssaass= $SSeHcSassSSassSsSses 5 eames ges vis m mca ates oo + 
| Attribute | Value | Type 

patan E n oS SSSeso See es SS ca ai a ag ie a + 

pingable <ipv6-address> or optional, 
<ipv4-address> multi-valued 
+----------- +------------------- 4+-------------- + 
| ping-hdl | <nic-handle> | optional, | 
| | | multi-valued | 
+----------- +------------------- +-------------- + 
Figure 1: Pingable Attribute Specification 
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The exact definitions of <ipv4-address> and <nic-handle> can be found 
in [RFC2622], while the definition of <ipv6-address> is in [RFC4012]. 


The pingable attribute allows a network operator to advertise an IP 
address of a node that should be reachable from outside networks. 
This node can be used as a destination address for diagnostic tests. 
The address specified MUST fall within the IP address range 
advertised in the route/route6 object containing the pingable 
attribute. The ping-hdl provides a link to contact information for 
an entity capable of responding to queries concerning the specified 
IP address. An example of using the pingable attribute is shown in 
Figure 2. 


route6: 2001:DB8::/32 

origin: AS64500 

pingable: 2001:DB8::DEAD: BEEF 
ping-hdl: OPS4-RIPE 


Figure 2: Pingable Attribute Example 
3. Using the RPSL Pingable Attribute 


The presence of one or more pingable attributes signals to network 
operators that the operator of the target network is providing the 
address(es) for external diagnostic testing. Tests involving the 

advertised address(es) SHOULD be rate limited to no more than ten 

probes in a five-minute window unless prior arrangements are made 

with the maintainer of the attribute. 


4. Security Considerations 


The use of routing registries based on RPSL requires a significant 
level of security. In-depth discussion of the authentication and 
authorization capabilities and weaknesses within RPSL is in 
[RFC2725]. The application of authentication in RPSL is key 
considering the vulnerabilities that may arise from the abuse of the 
pingable attribute by nefarious actors. Additional RPSL security 
issues are discussed in the Security Considerations sections of 
[RFC2622] and [RFC4012]. 


The publication of this attribute only explicitly signals the 
availability of an ICMP Echo Request/Echo Response service on the 
specified IP address. The operator, at his/her discretion, MAY 
deploy other services at the same IP address. These services may be 
impacted by the ping service, given its publicity via the RPSL. 
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While this document specifies that external users of the pingable 
attribute rate limit their probes, there is no guarantee that they 
will do so. Operators publicizing a pingable attribute are 
encouraged to deploy their own rate limiting for the advertised IP 
address in order to reduce the risk of a denial-of-service attack. 
Services, protocols, and ports on the advertised IP address should be 
filtered if they are not intended for external users. 
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